Mail SPAM and Virus Scanning

Spam, or electronic 'junk mail', has increased so sharply in recent years that it is threatening the viability of email. Spam messages are often fraudulent, offensive or annoying, and they often carry viruses. Net Solutions is able to take a number of steps to address this issue by offering a Mail Filtering Service.

Net Solutions uses Postfix, MailScanner, Amavis, DCC, Razor and SpamAssassin to handle email. In addition to this, we use blacklisting at the server entry level. Net Solutions fully supports the Australian Spam Code of Practice.

In many cases of virus or virus-looking mail, Net Solutions will discard a message rather than bounce it back to the sending user. This is done because most such mail currently received was not sent by the user named in the forged From: header, so sending back a bounce would be misplaced and inaccurate.

The following types of connections and content will be denied out of hand and not permitted into the system:


  1. Invalid date header, specifically a double-dash in the TZ. This appears in most W32.Sobig.F@mm virus containers; such mail is simply accepted and discarded without notice to the sender or receiver.
  2. Connections without a PTR (valid rDNS) IP address. Email will not be accepted from hosts that don't have RFC compliant IP addresses. If you have this problem, you should contact the authoritative nameserver of your IP block to get it fixed.
  3. HELO of our server's name or IP. There is no valid reason for a mail server to mimic our mail server's hostname or IP in the HELO statement.
  4. Forged HELOs of common ISPs: hotmail, msn, compuserve, aol... Any connection that says HELO using a common ISP, but whose hostname does not match a valid hostname for that service, will be discarded.
  5. Connections from Squid or CacheFlow servers are denied as open proxies.
  6. International RBL sites. A number of reputable national and international RBL maintainers are consulted on connections, and valid hits will result in a block. List of RBLs used:
    Habeas.Com, SpamCop.net, SBL Advisory
  7. Blacklisted senders and hostnames. A list of common senders whose mail is sent from a variety of different hosts is blocked in this manner.
  8. Sites with syntactically invalid hostnames/HELOs. The most common offender is the underscore in a hostname, which has never been legal.
  9. Virus-detected email. Any mail found to contain a virus will be accepted and discarded without notice to the sender or the recipient.
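
A sketch of how rules 2, 3, 4 and 8 above can be evaluated for one connection. This is an added example, not Net Solutions' configuration. The server name and IP, the ISP domain names, and the reading of rule 4 (the HELO claims an ISP domain that the client's PTR name is not in) are assumptions.

```python
import re

# Hypothetical values for illustration; the page does not give the real ones.
OUR_NAMES = {"mx.example.net"}
OUR_IPS = {"192.0.2.25"}
# Domains assumed for the ISPs the page names (hotmail, msn, compuserve, aol).
ISP_DOMAINS = ("hotmail.com", "msn.com", "compuserve.com", "aol.com")

# One DNS label: letters, digits and inner hyphens only, so "_" is rejected.
LABEL_RE = re.compile(r"^[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?$")


def valid_hostname(name):
    labels = name.rstrip(".").split(".")
    return len(name) <= 253 and all(LABEL_RE.match(label) for label in labels)


def in_domain(host, domain):
    # Match on a label boundary so "nothotmail.com" is not taken for hotmail.com.
    return host == domain or host.endswith("." + domain)


def check_connection(helo, client_rdns):
    """Return (accepted, reason). client_rdns is the client's PTR name or None."""
    helo = helo.strip().lower().rstrip(".")
    if not client_rdns:
        return False, "rule 2: no PTR record for the client IP"
    rdns = client_rdns.rstrip(".").lower()
    # HELO may be a name, a bare IP or an address literal such as [192.0.2.25].
    if helo in OUR_NAMES or helo.strip("[]") in OUR_IPS:
        return False, "rule 3: HELO uses our own name or IP"
    if helo.startswith("[") and helo.endswith("]"):
        return True, "accepted"
    if not valid_hostname(helo):
        return False, "rule 8: syntactically invalid HELO hostname"
    for domain in ISP_DOMAINS:
        if in_domain(helo, domain) and not in_domain(rdns, domain):
            return False, "rule 4: forged HELO of a common ISP"
    return True, "accepted"


if __name__ == "__main__":
    # Constructed sample connections, not taken from real logs.
    for helo, rdns in [("mx1.hotmail.com", "dsl-9.isp.example"),
                       ("mail_1.sender.example", "mail.sender.example"),
                       ("mail.sender.example", "mail.sender.example")]:
        print(helo, rdns, check_connection(helo, rdns))
```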

In addition, all inbound mail is scanned and scored by SpamAssassin. Mail that scores higher than 100.0 will be discarded and no notification sent to the sender or receiver. All remaining mail will be sent to the recipient, who can choose how to deal with it using their own policies.

Note that the denial of MIME attachments above is the #1 reason why our clients have been spared the current rash of spam/virus/worm/junk that has been plaguing the Internet recently. NONE of our users have received these potentially dangerous emails.

Why do you Discard rather than send a bounce message?

The recent outbreak of W32.Sobig.F@mm viruses has shown that the old method of identifying a bad mail message and informing the sender or recipient is no longer viable. This is because, most of the time now, the actual sender of the message is not the forged username in the From header. It may be a valid address, as was the To header, but neither party had anything to do with the message: it was injected by a third party that can only be identified by the host IP that it used to make the connection.

Having your Virus detection software send a bounce back to the sender is most likely the same as sending unsolicited spam mail to that user because they didn't send it to you in the first place.

In many cases, the bounce messages were the only thing actually getting to the users, which turned the virus into a spam fest at the expense of the non-participants.

If a user really has an infected computer, there will be plenty of other mail servers that will send notes of an infection, so we won't need to bother.

Infected hosts that are identified as sending large amounts of virus/spam messages will be reported to their ISP and then blocked from any connections until they are fixed.

Anti-Virus Dangerous File Attachments

The following is a list of file attachments that may be blocked by Net Solutions hosting services (the attachments are removed from emails before delivery to you and placed in a quarantine area for 30 days should you wish to receive them):

# These are known to be dangerous in almost all cases.
.reg Possible Windows registry attack
.chm Possible compiled Help file-based virus
.cnf Possible SpeedDial attack
.hta Possible Microsoft HTML archive attack
.ins Possible Microsoft Internet Comm. Settings attack
.jse_ Possible Microsoft JScript attack
.lnk Possible Eudora *.lnk security hole attack
.ma_ Possible Microsoft Access Shortcut attack
.pif Possible MS-Dos program shortcut attack
.scf Possible Windows Explorer Command attack
.sct Possible Microsoft Windows Script Component attack
.shb Possible document shortcut attack
.shs Possible Shell Scrap Object attack
.vbe or .vbs Possible Microsoft Visual Basic script attack
.wsc .wsf .wsh Possible Microsoft Windows Script Host attack
.xnk Possible Microsoft Exchange Shortcut attack


# These are very dangerous and have been used to hide viruses
.com Windows/DOS Executable
.exe Windows/DOS Executable
.scr Possible virus hidden in a screensaver
.bat Possible malicious batch file script
.cmd Possible malicious batch file script
.cpl Possible malicious control panel item
.mhtml Possible Eudora meta-refresh attack

# Deny filenames ending with CLSIDs
\{[a-hA-H0-9-]{25,}\} Filename trying to hide its real extension
Examples:
A977FF0C-8757-4E76-8533-482F91946233
000209FF-0000-0000-C000-000000000046

# Deny filenames with lots of contiguous white space in them.
Filename contains lots of white space

# Deny all other double file extensions. This catches any hidden filenames.
Found possible filename hiding
Examples:
.txt.pif
.doc.pif
.exe.pdf
.doc.com
.txt.exe
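
The filename rules above, applied in order to attachment names. This is an added example, not Net Solutions' or MailScanner's own rule file. The CLSID pattern and the extensions come from the lists above; the whitespace threshold and the double-extension pattern are assumptions, because the page names those rules without giving a pattern.

```python
import re

# Extensions copied from the page's two lists. The ".jse_" and ".ma_" entries
# are omitted because the page does not say what the trailing "_" stands for.
KNOWN_DANGEROUS = {"reg", "chm", "cnf", "hta", "ins", "lnk", "pif", "scf", "sct",
                   "shb", "shs", "vbe", "vbs", "wsc", "wsf", "wsh", "xnk"}
HIDES_VIRUSES = {"com", "exe", "scr", "bat", "cmd", "cpl", "mhtml"}

CLSID_RE = re.compile(r"\{[a-hA-H0-9-]{25,}\}")  # pattern as listed on the page
# Assumed patterns: the page names these two rules but gives no regex for them.
WHITESPACE_RE = re.compile(r"\s{10,}")
DOUBLE_EXT_RE = re.compile(r"\.[a-z][a-z0-9]{2,3}\s*\.[a-z0-9]{3,4}$", re.I)


def check_attachment(filename):
    """Return (action, reason) where action is 'quarantine' or 'deliver'."""
    # Windows ignores trailing dots and spaces, so judge the name without them.
    name = filename.rstrip(". \t")
    if CLSID_RE.search(name):
        return "quarantine", "Filename trying to hide its real extension"
    if WHITESPACE_RE.search(name):
        return "quarantine", "Filename contains lots of white space"
    if DOUBLE_EXT_RE.search(name):
        return "quarantine", "Found possible filename hiding"
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext in KNOWN_DANGEROUS:
        return "quarantine", "Known to be dangerous in almost all cases"
    if ext in HIDES_VIRUSES:
        return "quarantine", "Very dangerous, has been used to hide viruses"
    return "deliver", "No filename rule matched"


# Constructed sample filenames, not taken from real mail.
SAMPLES = [
    "invoice.txt.pif",
    "readme.txt.{A977FF0C-8757-4E76-8533-482F91946233}",
    "statement.pdf" + " " * 40 + ".exe",
    "setup.EXE",
    "update.scr.",
    "archive.tar.gz",
    "photo.jpg",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(repr(sample), "->", check_attachment(sample))
```

A name such as `my.file.name.pdf` also matches the double-extension rule, so a filter built this way needs explicit allow rules ahead of it for names that legitimately contain dots.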


My mail was denied and it should not have been...

If you attempted to send mail to a Net Solutions client and it was declined, you can submit a trouble ticket to our technical support team via our submission form. Please include the following information:
  • Copy of the message headers
  • The exact date and time it was sent
  • The person to whom the message was addressed.

The above information will help us check our logs to see if we can determine what the problem is. We are unable to assist with enquiries without the details above.

Reporting SPAM to ACMA

Net Solutions encourages reporting all SPAM to ACMA through the SpamMATTERS add-in which is simple to install.

  1. For Microsoft Outlook or Outlook Express users - If you have an IBM-compatible PC running Microsoft Windows Me, 2000 or XP you can download the SpamMATTERS Microsoft Outlook or Outlook Express add-in. You will then be able to report or complain about spam with a simple toolbar button. After you have downloaded the add-in below, read the user guide to find out how it works.  If you want you can also configure SpamMATTERS to automatically delete any spam you report.
     
              -> Download the Microsoft Outlook or Outlook Express SpamMATTERS add-in

  2. For Mac users or users who don't use Microsoft Outlook or Outlook Express - If you don't have Outlook or Outlook Express, or your computer is not an IBM-compatible PC running Microsoft Windows (e.g. it is an Apple Mac or a UNIX system), you can still take part by registering online for a 'key', and then submitting spam via ACMA's online spam submission form. You can also then submit spam you report to a specific email address.

  3. For users who wish to submit spam manually - You can also submit spam anonymously via ACMA's anonymous online spam submission form. Registering before submission is encouraged, but not mandatory.